{"id":5239,"date":"2026-05-24T14:09:46","date_gmt":"2026-05-24T19:09:46","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5239"},"modified":"2026-05-25T17:49:15","modified_gmt":"2026-05-25T22:49:15","slug":"the-devsecops-signal-may-24-2026","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5239","title":{"rendered":"The DevSecOps Signal \u2014 May 24, 2026"},"content":{"rendered":"<style>\n.single .entry-title,\n.single .entry-header .entry-title,\n.single .post-title,\n.single header.entry-header h1,\n.single h1.entry-title,\n.single .page-title,\n.post-template-default h1.entry-title,\n.post-template-default .entry-header,\narticle .entry-header,\narticle .entry-title { display: none !important; }\n.single .entry-header { margin: 0 !important; padding: 0 !important; }\n.single .entry-content { margin-top: 0 !important; padding-top: 0 !important; }\n<\/style>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"background-color:#f4f5f7;\">\n<tr>\n<td align=\"center\" style=\"padding:24px 12px;\">\n<table role=\"presentation\" width=\"680\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"max-width:680px;width:100%;background-color:#ffffff;border-radius:8px;overflow:hidden;box-shadow:0 1px 3px rgba(0,0,0,0.08);\">\n<tr>\n<td style=\"background-color:#0c4a6e;background:linear-gradient(135deg,#082f49 0%,#0c4a6e 50%,#0891b2 100%);padding:32px 28px 24px;color:#ffffff;\">\n<div style=\"font-size:12px;letter-spacing:2px;text-transform:uppercase;margin-bottom:8px;color:white\">DevSecOps Bulletin \u00b7 Inaugural Issue \u00b7 May 24, 2026<\/div>\n<div style=\"margin:0;font-size:28px;line-height:1.2;font-weight:700;color:#ffffff !important;mso-line-height-rule:exactly;\">The DevSecOps Signal<\/div>\n<p style=\"margin:8px 0 0;font-size:14px;opacity:0.85;color: white;\">Secure software supply chains, build-pipeline integrity, and the developer-security-ops 
collaboration<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:28px 28px 4px;\">\n<h2 style=\"margin:0 0 12px;font-size:18px;color:#0f172a;border-bottom:2px solid #0891b2;padding-bottom:6px;\">This week at a glance<\/h2>\n<p style=\"margin:0 0 12px;font-size:15px;color:#374151;\"><strong>Welcome to the inaugural issue of The DevSecOps Signal.<\/strong> This bulletin focuses on the seams where development, security, and operations collide &mdash; secure software supply chains, build-pipeline integrity, developer-tooling trust, and the cultural work of making security a shared discipline rather than a gate.<\/p>\n<p style=\"margin:0 0 12px;font-size:15px;color:#374151;\">The threat side of this week&rsquo;s lineup is tight but pointed: every supply-chain story is about the same underlying threat &mdash; <strong>the developer toolchain itself is being weaponized to harvest CI\/CD credentials<\/strong>. A second &ldquo;Shai-Hulud&rdquo; npm worm compromised 600+ packages from the <code>@antv<\/code> family in a single hour; a poisoned <code>Nx Console<\/code> VS Code extension with 2.2M installs siphoned 1Password vaults, Claude Code configs, and cloud creds from developer machines; and Grafana confirmed attackers exfiltrated its entire codebase via a single missed GitHub workflow token rotation following the TanStack supply-chain compromise.<\/p>\n<p style=\"margin:0 0 12px;font-size:15px;color:#374151;\">On the defense side, two platform-level responses landed this week. CISA opened a new public nomination form for the <strong>Known Exploited Vulnerabilities (KEV)<\/strong> catalog, giving researchers and DevSecOps tooling vendors (SCA, dependency scanners) a direct submission path. And npm shipped <strong>2FA-gated &ldquo;staged publishing&rdquo;<\/strong> to general availability &mdash; requiring a human maintainer to approve every package release via 2FA, even when the publish was triggered by CI\/CD or OIDC trusted publishing. 
That last change matters: a compromised CI token alone is no longer enough to ship malicious versions to your downstream users.<\/p>\n<p style=\"margin:0 0 12px;font-size:15px;color:#374151;\">If your team still treats <code>package-lock.json<\/code>, VS Code extensions, and CI\/CD service tokens as background plumbing, this week is a wake-up call. The attackers have moved up the stack &mdash; they are now targeting the build, not the binary.<\/p>\n<p style=\"margin:0 0 12px;font-size:13px;color:#64748b;font-style:italic;\">First-issue note: this bulletin will grow. Future issues will expand coverage to SBOM\/SLSA tooling, Sigstore\/in-toto attestation, IaC scanning, secret-detection, runtime application self-protection, and the broader DevSecOps platform-engineering conversation. Send feedback on what you want covered.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:18px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Entity graph &mdash; this week&rsquo;s supply-chain attack surface<\/h2>\n<div style=\"height:3px;width:48px;background-color:#0891b2;margin-bottom:14px;\"><\/div>\n<p style=\"margin:0 0 8px;font-size:11px;color:#64748b;\">Named developer-tooling targets, attacker infrastructure, credential classes harvested, and the vulnerability-disclosure ecosystem across this week&rsquo;s four stories.<\/p>\n<div style=\"background-color:#ffffff;border:1px solid #e2e8f0;border-radius:8px;padding:14px;\">\n<img decoding=\"async\" src=\"https:\/\/www.cybersecurityinstitute.com\/blog\/wp-content\/uploads\/2026\/05\/topic-map-devsecops-2026-05-24-1.png\" alt=\"Topic map for devsecops\" style=\"width:100%;max-width:880px;height:auto;display:block;margin:0 auto;\" \/>\n<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:24px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Article index<\/h2>\n<div style=\"height:3px;width:48px;background-color:#0891b2;margin-bottom:14px;\"><\/div>\n<h3 style=\"margin:14px 0 
8px;font-size:15px;color:#0891b2;text-transform:uppercase;letter-spacing:1px;\">Developer toolchain supply-chain attacks<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/05\/20\/mini-shai-hulud-compromised-antv-npm-packages-enable-ci-cd-credential-theft\/\" style=\"color:#1d4ed8;text-decoration:none;\">Mini Shai-Hulud: Compromised @antv npm packages enable CI\/CD credential theft<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Microsoft Security Blog<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 20, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/thehackernews.com\/2026\/05\/compromised-nx-console-18950-targeted.html\" style=\"color:#1d4ed8;text-decoration:none;\">Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">The Hacker News<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 19, 2026<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/grafana-says-stolen-github-token-let-hackers-steal-codebase\/\" style=\"color:#1d4ed8;text-decoration:none;\">Grafana says stolen GitHub token let hackers steal codebase<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">BleepingComputer<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 18, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#16a34a;text-transform:uppercase;letter-spacing:1px;\">Vulnerability disclosure &amp; the DevSecOps ecosystem<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/22\/cisa-kev-nomination-form\/\" style=\"color:#1d4ed8;text-decoration:none;\">CISA&rsquo;s new KEV nomination form opens reporting to vendors and researchers<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">Help Net Security<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 22, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#9333ea;text-transform:uppercase;letter-spacing:1px;\">Platform defenses respond<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" 
style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/thehackernews.com\/2026\/05\/npm-adds-2fa-gated-publishing-and.html\" style=\"color:#1d4ed8;text-decoration:none;\">npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">The Hacker News<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 23, 2026<\/td>\n<\/tr>\n<\/table>\n<h3 style=\"margin:22px 0 8px;font-size:15px;color:#16a34a;text-transform:uppercase;letter-spacing:1px;\">AI-Ops resilience &amp; platform engineering<\/h3>\n<table role=\"presentation\" width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" style=\"font-size:13px;border-collapse:collapse;\">\n<tr style=\"background-color:#f8fafc;\">\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:55%;\">Article<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:30%;\">Source<\/th>\n<th align=\"left\" style=\"padding:8px 6px;border-bottom:1px solid #e2e8f0;color:#475569;font-weight:600;width:15%;\">Published<\/th>\n<\/tr>\n<tr>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;\"><a href=\"https:\/\/thenewstack.io\/operational-debt-ai-strategy\/\" style=\"color:#1d4ed8;text-decoration:none;\">Three ways operational debt will 
break your AI strategy, and how to recover<\/a><\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">The New Stack<\/td>\n<td style=\"padding:8px 6px;border-bottom:1px solid #f1f5f9;color:#475569;\">May 22, 2026<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:24px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Detailed write-ups<\/h2>\n<div style=\"height:3px;width:48px;background-color:#0891b2;margin-bottom:14px;\"><\/div>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Mini Shai-Hulud: a second self-replicating npm worm hits @antv (May 20)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Microsoft Threat Intelligence detailed the May 19 npm wave that began at 01:56 UTC and ran for exactly one hour: a compromised maintainer account on the popular <code>@antv<\/code> visualization library family pushed <strong>639 malicious versions across 323 unique packages<\/strong>. The marker string &mdash; <em>&ldquo;Shai-Hulud: Here We Go Again&rdquo;<\/em> &mdash; confirms this is a follow-on to the 2024 Shai-Hulud worm, with the same self-propagation pattern: once installed, the package uses harvested npm tokens to publish itself further into the maintainer&rsquo;s other packages.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">The clever (and concerning) wrinkle: <strong>the malicious versions generate cryptographically valid Sigstore provenance attestations<\/strong>. The familiar green &ldquo;verified&rdquo; badge appears on npm. Provenance attests <em>that<\/em> the package was built in a trusted workflow &mdash; not that the workflow was uncompromised. 
The attack also exfiltrates GitHub Actions secrets, AWS keys, npm tokens, and any other environment variables the build environment had access to, then uses them to extend the worm&rsquo;s reach.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\"><strong>What to do this week<\/strong>: block <code>@antv\/*<\/code> versions published between 01:56 and 02:56 UTC May 19, 2026 in your registry; rotate any npm publish token, GitHub token, AWS key, or cloud credential that may have touched a build using those packages; treat provenance attestations as one signal of many, not as proof of safety; subscribe to your registry&rsquo;s rapid-response advisory feed if you haven&rsquo;t.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/05\/20\/mini-shai-hulud-compromised-antv-npm-packages-enable-ci-cd-credential-theft\/\" style=\"color:#1d4ed8;text-decoration:none;\">Microsoft Security Blog<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Compromised Nx Console v18.95.0 weaponizes VS Code against developers (May 19)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">On May 18, attackers published <strong>Nx Console version 18.95.0<\/strong> to the VS Code Marketplace &mdash; an extension with <strong>2.2 million installs<\/strong> across professional developer machines. The release carried a 498KB obfuscated payload that fetched its second stage from a <em>dangling orphan commit<\/em> in the legitimate <code>nrwl\/nx<\/code> GitHub repository, neatly bypassing repo-monitoring tools that only watch reachable refs.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">The credential harvester is targeted at the modern AI-augmented developer: <strong>1Password vaults, Claude Code (Anthropic) configuration files, npm tokens, GitHub credentials, AWS profiles, SSH keys, and browser-stored cloud-provider credentials<\/strong>. 
The campaign is linked to <strong>TeamPCP<\/strong> &mdash; the same actor cluster behind the May 11 TanStack npm compromise that subsequently led to the Grafana codebase exfiltration (see next story). VS Code extensions, like browser extensions, have effectively full read access to anything the developer can read; this attack is a direct demonstration of why &ldquo;trusted developer tools&rdquo; is increasingly an oxymoron.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\"><strong>What to do this week<\/strong>: audit installed VS Code (and JetBrains, Cursor, Windsurf) extensions on developer machines; pin extensions to known-good versions or require a security review before auto-update; treat <code>~\/.config\/Claude<\/code>, 1Password CLI tokens, and IDE-stored credentials as high-value secrets that need short rotation; consider moving credentials out of files and into hardware-backed agents (1Password CLI biometric unlock, GitHub Codespaces ephemeral creds, AWS SSO) where possible.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/thehackernews.com\/2026\/05\/compromised-nx-console-18950-targeted.html\" style=\"color:#1d4ed8;text-decoration:none;\">The Hacker News<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Grafana confirms full codebase exfiltration via missed token rotation (May 18)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">Grafana Labs publicly confirmed that attackers <strong>downloaded its source code<\/strong> via a GitHub workflow token leaked during the May 11 TanStack\/TeamPCP npm supply-chain compromise. The token should have been rotated when TanStack disclosed the breach &mdash; it wasn&rsquo;t. On May 16, the <strong>CoinbaseCartel<\/strong> data-theft group claimed the haul and attempted extortion. 
Grafana refused to pay and chose disclosure instead.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">The DevSecOps lesson is structural, not technical. The attack succeeded not because of a missing security tool, but because of a missing <em>process<\/em>: <strong>no rapid &ldquo;every CI token that touched the compromised dependency in the last N days&rdquo; rotation playbook<\/strong>. Every team thinks it has one. Almost none do. The token in question was a long-lived GitHub Actions token with broad repo-read scope &mdash; precisely the kind of credential that&rsquo;s supposed to be ephemeral by 2026 but, in practice, still litters most production workflows.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\"><strong>What to do this week<\/strong>: inventory long-lived CI\/CD tokens with read access to source repos; replace them with short-lived OIDC federation wherever your CI platform supports it; write a one-page &ldquo;upstream package compromise&rdquo; runbook that lists the exact GitHub\/npm\/PyPI\/registry token classes to rotate within 24 hours of any disclosed compromise in your dependency graph; subscribe to GitHub&rsquo;s and your registry&rsquo;s security advisory feeds and make sure they page someone.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/grafana-says-stolen-github-token-let-hackers-steal-codebase\/\" style=\"color:#1d4ed8;text-decoration:none;\">BleepingComputer<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">CISA opens KEV catalog nominations to vendors and researchers (May 22)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">CISA launched a public web form letting researchers, vendors, and industry partners submit candidate entries for the <strong>Known Exploited Vulnerabilities (KEV)<\/strong> catalog. 
Until now, additions were almost entirely driven by CISA&rsquo;s own intelligence channels &mdash; with predictable lag. The new form (alongside the existing <code>vulnerability@cisa.dhs.gov<\/code> mailbox) opens a faster, structured submission path, while keeping the inclusion bar intact: an assigned CVE, confirmed in-the-wild exploitation, and remediation guidance.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">For DevSecOps teams the implications are operational, not theoretical. Your <strong>SCA and dependency-scanning tooling almost certainly already consumes KEV<\/strong> as a prioritization signal &mdash; Snyk, Aikido, Sonatype, Veracode, GitHub Advanced Security, GitLab, JFrog Advanced Security, Mend, and Black Duck all integrate it. A faster-moving KEV means faster-moving alerts in your scanners and, downstream, more frequent rebuild\/redeploy churn driven by exploit-validation rather than CVSS scores alone. Two questions worth asking your team: (1) is anyone on your team in a position to <em>submit<\/em> KEV nominations from your incident-response data, not just consume them? 
(2) when KEV adds a CVE you have in your dependency graph, what&rsquo;s your SLA from KEV-add to deployed patch?<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\"><strong>What to do this week<\/strong>: confirm your dependency scanner uses KEV as a high-priority signal (not just CVSS); document a KEV-driven patch SLA (24 hours is the new federal default; many private orgs are 7&ndash;14 days &mdash; the DBIR 2026 found only 26% of CISA KEV entries get patched at all); identify the engineer or analyst on your team who would be the right channel for submitting KEV candidates back to CISA when your IR or threat-hunting work uncovers active exploitation.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/www.helpnetsecurity.com\/2026\/05\/22\/cisa-kev-nomination-form\/\" style=\"color:#1d4ed8;text-decoration:none;\">Help Net Security<\/a> &middot; <a href=\"https:\/\/www.cisa.gov\/news-events\/news\/cisa-enhances-known-exploited-vulnerabilities-catalog-include-new-nomination-form\" style=\"color:#1d4ed8;text-decoration:none;\">CISA announcement<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">npm ships 2FA-gated &ldquo;staged publishing&rdquo; in direct response to the wave (May 23)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">In a direct platform-level answer to the Mini Shai-Hulud \/ TeamPCP \/ Nx Console campaigns covered above, GitHub rolled out <strong>staged publishing<\/strong> for npm to general availability. Instead of a direct publish that makes a package immediately installable, the prebuilt tarball lands in a stage queue and a human maintainer must <strong>pass a 2FA challenge to approve it<\/strong> before consumers can install it. 
Crucially, the approval requirement applies even to CI\/CD-originated publishes and to OIDC trusted-publishing flows &mdash; meaning <em>a compromised CI token alone is no longer enough<\/em> to ship malicious versions to your downstream users.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">A second change introduces three new install-source flags mirroring the existing <code>--allow-git<\/code>: <code>--allow-file<\/code> (local paths and tarballs), <code>--allow-remote<\/code> (HTTPS URLs\/tarballs), <code>--allow-directory<\/code> (local directories). This lets organizations apply an explicit-allowlist policy to every non-registry install source, closing the &ldquo;but it was just a local tarball&rdquo; loophole that several recent attacks have exploited.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\"><strong>Prerequisites<\/strong>: publish access to the package; the package must already exist on the registry (brand-new packages can&rsquo;t be staged); maintainer account 2FA enabled; npm CLI 11.15.0+. GitHub recommends pairing staged publishing with trusted publishing using OIDC for strongest protection. 
<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\"><strong>What to do this week<\/strong>: turn on 2FA across every npm maintainer account that has publish rights on packages your team produces or relies on; enable staged publishing on your highest-risk libraries first; update CI runners to npm 11.15.0+; review your <code>npm install<\/code> invocations and tighten install-source flags to the minimum your build actually needs.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/thehackernews.com\/2026\/05\/npm-adds-2fa-gated-publishing-and.html\" style=\"color:#1d4ed8;text-decoration:none;\">The Hacker News<\/a> &middot; <a href=\"https:\/\/github.blog\/changelog\/2026-05-22-staged-publishing-and-new-install-time-controls-for-npm\/\" style=\"color:#1d4ed8;text-decoration:none;\">GitHub changelog<\/a><\/p>\n<h3 style=\"margin:0 0 6px;font-size:16px;color:#111827;\">Three ways operational debt will break your AI strategy &mdash; and how to recover (May 22)<\/h3>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">A platform-engineering counterpoint to the week&rsquo;s attack stories. Debora Cambe argues that the same accumulated shortcuts that have always broken software systems \u2014 undocumented changes, unmonitored services, stale runbooks, drifted environments \u2014 break <em>faster and harder<\/em> in AI-augmented production, because AI agents amplify both the velocity of change and the blast radius of bad assumptions. 
Three categories of operational debt do most of the damage: (1) <strong>observability debt<\/strong>: you cannot see what your agents are doing or why; (2) <strong>governance debt<\/strong>: agents have privileges, secrets, and tool access that no human signed off on; (3) <strong>runbook debt<\/strong>: nothing on-call has practiced for the failure modes agents create.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\">The four-step recovery framework: <strong>inventory<\/strong> (every agent, model, MCP server, and credential touching production), <strong>instrument<\/strong> (decisions, tool calls, retries, and outcomes), <strong>gate<\/strong> (require human approval for irreversible actions and credential issuance), and <strong>rehearse<\/strong> (failure-mode tabletops specifically for agentic systems \u2014 what happens when the model is wrong, the tool is wrong, or both?). Reads as the platform-engineering complement to this week&rsquo;s supply-chain stories: secure your dev tooling, <em>and<\/em> keep your AI ops resilient. 
The two halves of the DevSecOps mandate.<\/p>\n<p style=\"margin:0 0 6px;font-size:14px;color:#374151;\"><strong>What to do this week<\/strong>: spend an hour producing a one-page agent inventory for any AI agent your team has put into a production-facing workflow; identify the three highest-risk gaps in that inventory (uncredentialed agent, unlogged tool call, missing rollback); write a single tabletop scenario for an agent-induced incident and run it with on-call.<\/p>\n<p style=\"margin:0 0 18px;font-size:12.5px;color:#475569;\">Sources: <a href=\"https:\/\/thenewstack.io\/operational-debt-ai-strategy\/\" style=\"color:#1d4ed8;text-decoration:none;\">The New Stack<\/a><\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:24px 28px 4px;\">\n<h2 style=\"margin:0 0 4px;font-size:20px;color:#0f172a;\">Watch list \u2014 the through-line<\/h2>\n<div style=\"height:3px;width:48px;background-color:#0891b2;margin-bottom:14px;\"><\/div>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">Six stories, three threads: the supply-chain attack trio (Mini Shai-Hulud, Nx Console, Grafana), the platform defenses responding (CISA KEV public form, npm 2FA-gated staged publishing), and the platform-engineering complement on AI-Ops resilience (operational debt). The platform is finally moving on the attack side; the harder cultural work on the AI-Ops side is just beginning. If you only have time for three actions, do these:<\/p>\n<ol style=\"margin:0 0 12px 18px;padding:0;font-size:14px;color:#374151;\">\n<li style=\"margin-bottom:8px;\"><strong>Kill long-lived CI\/CD tokens.<\/strong> Move every GitHub Actions, GitLab CI, CircleCI, Jenkins, and Buildkite token with source-read or registry-publish scope to short-lived OIDC federation. 
The Grafana incident is the case study; the Mini Shai-Hulud worm is the threat model that justifies the urgency.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Treat the developer machine as a CI runner.<\/strong> The same secrets, the same blast radius. VS Code\/Cursor\/JetBrains extensions are unsigned code execution. Restrict extension install to a curated allowlist, or accept that any extension compromise reaches 1Password vaults, IDE-stored cloud creds, and AI assistant configs.<\/li>\n<li style=\"margin-bottom:8px;\"><strong>Write an upstream-compromise runbook this week.<\/strong> One page. List the exact token classes (npm, GitHub Actions, PyPI, Composer, Cargo, NuGet, Docker Hub, AWS, GCP, Azure) and the exact rotation command for each. When the next worm hits &mdash; and it will be within weeks, not months &mdash; you will have hours, not days, to respond.<\/li>\n<\/ol>\n<p style=\"margin:0 0 12px;font-size:14px;color:#374151;\">A bonus item worth noting: Sigstore provenance attestations are <em>useful<\/em> but they are not <em>proof<\/em>. A green badge means &ldquo;built in a known workflow.&rdquo; It does not mean &ldquo;built from clean source by an uncompromised maintainer.&rdquo; Build a mental model of what provenance actually attests &mdash; and what it doesn&rsquo;t &mdash; before you use it to gate anything.<\/p>\n<\/td>\n<\/tr>\n<tr>\n<td style=\"padding:28px 28px 32px;border-top:1px solid #e5e7eb;color:#6b7280;font-size:12px;text-align:center;\">\n<p style=\"margin:0 0 6px;color:#6b7280;\">The DevSecOps Signal &middot; a Newshunter publication<\/p>\n<p style=\"margin:0 0 6px;color:#6b7280;\">Inaugural issue, May 24, 2026. Weekly news items are from the previous seven days. 
Coverage will broaden in subsequent issues.<\/p>\n<p style=\"margin:14px 0 4px;font-size:11px;color:#9ca3af;\">Newsletter design, layout, and editorial curation &copy; 2026 Security Radar LLC. All rights reserved.<\/p>\n<p style=\"margin:0;font-size:11px;color:#9ca3af;\">Article titles and summaries are excerpted for review and commentary; all linked articles remain the copyright of their respective publishers and authors.<\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>DevSecOps Bulletin \u00b7 Inaugural Issue \u00b7 May 24, 2026 The DevSecOps Signal Secure software supply chains, build-pipeline integrity, and the developer-security-ops collaboration This week at a glance Welcome to the inaugural issue of The DevSecOps Signal. 
This bulletin focuses on the seams where development, security, and operations collide &mdash; secure&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,11],"tags":[],"class_list":["post-5239","post","type-post","status-publish","format-standard","hentry","category-secure","category-trends"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5239","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5239"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5239\/revisions"}],"predecessor-version":[{"id":5255,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/5239\/revisions\/5255"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5239"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5239"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5239"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}